Authentication
Every request to the enza API is authenticated with an API key and is subject to IP allowlisting. Both are arranged with the enza team before you go live.
Required headers
| Header | Required | Description |
|---|---|---|
x-api-key | Always | Your API key. Send it on every request. |
Idempotency-Key | Writes (POST/PATCH) | UUID v4 per logical request — see the Idempotency guide. |
Content-Type | Requests with a body | application/json. |
A missing x-api-key returns 401; an invalid or revoked key returns 403.
See Codes & Formats for the full status-code reference.
IP allowlisting
Access is restricted to approved source IP addresses. Before you can call the API — including to try it out — your outbound IPs must be added to the allowlist.
This is managed by the enza team. Share the public IP address(es) your
integration will call from, and enza will register them. Requests from an IP that
is not on the allowlist are rejected with 403.
Getting access
- Request an API key and share the source IP address(es) you'll call from.
- The enza team provisions the key and adds your IPs to the allowlist.
- Send
x-api-keyon every request (plusIdempotency-Keyon writes).
Last modified on